Lessons in resilience: An Indian enterprise perspective
As we begin the new year, it is a good time for C-suite and CISO/IT heads to reflect on the lessons learned in 2023 and how to apply this knowledge going forward.
From a global standpoint, 2023 was influenced by various factors such as a heightened focus on AI, double-digit growth in digitalization, a focus on sustainability or ESG, modernization of applications, rising cyber-attacks, geo-political concerns, environmental issues, and regulatory directions. However, in India, we have had a more positive year with key initiatives like the Digital Personal Data Protection (DPDP) Act. Regulatory bodies like CERT-IN, SEBI, RBI, and IRDA have set up master directions to protect consumers and ensure that organizations focused on driving the economy also build a resilient environment.
Resilience continues to be an important topic for organizations of various sizes, across sectors, and in 2024 we can expect to see strong action and governance in this area. Regulatory bodies in the BFSI sector are now demanding the inclusion of a resilient posture in outsourcing modules, cloud modernization, and local infrastructure. Critical applications linked to digital payments must have an ‘Always On’ operations resilience posture. The government is also placing a strong focus on ensuring that organizations have an ESG and Sustainability strategy built into their operations model. Companies must have a clear idea of what their crown jewels are and how their C-suite would respond to external or internal parties during a crisis. They need to perform tabletop exercises for each phase and a key action will be to build a runbook for those scenarios.
Also, what was previously a resilient approach towards cyber-attacks has now evolved into cyber-resiliency, with Incident Response and Incident Recovery as its two key pillars. A focused approach to investing strategically in the Respond and Recover framework is essential, as no security investment guarantees that a security incident will not happen. Incident Response is key to withstanding a cyber-attack, as most cybersecurity investments are to identify, detect, and protect from cyber-attacks. Incident Recovery is required to recover the business and run the heart of it.
While some organizations have already invested in making their IT infrastructure resilient, many others are still building a strategy towards it. Investing in consulting exercises, adopting the right automation, orchestration, AI play, and getting a mature managed services partner can help organizations build a resilient model.
Resilience is one of the most important and valuable long-term strengths of an entity. It defines its ability to survive and grow in a changing environment by successfully implementing evolving strategies.
The author is Harish Soni, Resiliency and Security Practice Leader at Kyndryl India.
Disclaimer: The views expressed are solely of the author and ETCISO does not necessarily subscribe to it. ETCISO shall not be responsible for any damage caused to any person/organization directly or indirectly.